github / codeql-action

Actions for running CodeQL analysis
MIT License

Only run check SIP enablement once in `init` step #2441

Closed angelapwen closed 3 weeks ago

angelapwen commented 3 weeks ago

In https://github.com/github/codeql-action/pull/2434 we stopped calling the `df` system binary on macOS ARM runners where SIP was disabled, but the actual call to `csrutil` itself was run again and is also a binary 😸

This change makes it so that `csrutil` is only called once, in the `init` step before the build tracer environment variables are set, and then its result is saved in an environment variable.

Merge / deployment checklist

github-actions[bot] commented 3 weeks ago

Pushed a commit to rebuild the Action. Please mark the PR as ready for review to trigger PR checks.
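
The check-once-and-cache pattern from the PR description above, as an added JavaScript example that is not the codeql-action's own code: `csrutil status` output is parsed a single time and the result stored in an environment map, so later callers read the stored value instead of launching the binary again. The variable name `EXAMPLE_IS_SIP_ENABLED`, the function names and the injected `runCsrutil` callback are assumptions made for illustration.

```javascript
// Added example. SIP_ENV_VAR, parseCsrutilStatus and checkSipOnce are
// hypothetical names, not identifiers from the codeql-action code base.
const SIP_ENV_VAR = "EXAMPLE_IS_SIP_ENABLED";

// Parse the text printed by `csrutil status`.
// Returns true or false, or undefined when the status line is not recognised
// (for example a custom configuration).
function parseCsrutilStatus(stdout) {
  const m = /System Integrity Protection status:\s*(enabled|disabled)/i.exec(stdout);
  return m ? m[1].toLowerCase() === "enabled" : undefined;
}

// Return the SIP state, running csrutil at most once per `env`.
//   env        - environment map to read and write (process.env in a real step;
//                in an Action the value must also be exported for later steps)
//   runCsrutil - callback returning the stdout of `csrutil status`; injected so
//                the single process launch can happen before any tracer
//                environment variables are set, and so this runs off macOS
function checkSipOnce(env, runCsrutil, platform = process.platform) {
  const cached = env[SIP_ENV_VAR];
  if (cached === "true" || cached === "false") return cached === "true";
  if (cached === "unknown") return undefined; // already tried, do not retry
  if (platform !== "darwin") return undefined; // SIP exists only on macOS

  let result;
  try {
    result = parseCsrutilStatus(runCsrutil());
  } catch {
    result = undefined; // csrutil missing or failed
  }
  // Store failures too, so a later step never launches the binary again.
  env[SIP_ENV_VAR] = result === undefined ? "unknown" : String(result);
  return result;
}
```
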